CyberSecurity Institute

An employee sitting at his desk might get a prompt saying, “this bank is having integrity issues with money,” or “you cant make trades over this technical system.” The employee then might role-play talking to an FBI agent — likely an actual one enlisted to help with the drill, said Dave Aitel, CEO of the security firm Immunity, who formerly worked as a research scientist for the National Security Agency.

The financial sector is hoping to prepare itself for a massive, disruptive attack — a growing concern lately, as “hacktivists,” organized cybercriminals and government-spnosored attacks become increasingly large and successful. Though still a far-off doomsday scenario, some security industry experts say the financial sector is vulnerable to cyber-terrorists aiming to damage the U.S. economy. That’s because banks and other financial institutions have to do deal with money flows in real time, with markets hanging in the balance.

Though some skeptical security experts dismissed Quantum Dawn as a PR stunt, SIFMA said the first run was useful in uncovering flaws in the industry’s cyberattack protocols. The trade group found that banks were largely good at sharing information with one another, but bad at making real-time critical decisions for mitigating the threats.

Link: http://money.cnn.com/2013/07/18/technology/security/bank-cyberattack/index.html

JPMorgan and its peers like Bank of America, Citigroup and Wells Fargo have signed up for Thursday’s drill, which is being organized by Wall Street’s biggest trade group, the Securities Industry and Financial Markets Association, or SIFMA.

They’ll monitor a simulated stock exchange for irregular trading and will be pressed to figure out what’s going on and how to react while sharing information with regulators and each other.

But that was before a wave of cyberattacks last fall, when big banks were forced to temporarily shut down their websites after attackers bombarded them with traffic — akin to overwhelming a phone line with too many calls.

“If you went to banks three years ago, and said, ‘What are your top five risks?’, probably none of them would put cyber on there,” said Karl Schimmeck, SIFMA’s vice president for financial services operations.

The Office of the Comptroller of the Currency, which regulates national banks, recently held a call with community bankers to warn them that they’re not free from danger either: Since September, attacks have been increasingly aimed at businesses with fewer than 250 employees, the OCC says. Customers would have to go through certain steps to get their money back, like filing a claim, showing that they weren’t negligently tossing their account information around and giving the bank time to investigate.

A DRILL BY ANY OTHER NAME: As for the title of Thursday’s drill, the one that sounds more appropriate for an action movie than a bank security exercise, it came about during the creation of the original drill in 2011, which was organized by the Financial Services Sector Coordinating Council.

Link: http://www.seattlepi.com/business/technology/article/As-cyber-attacks-detonate-banks-gird-for-battle-4667972.php